----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66373/ -----------------------------------------------------------
(Updated April 2, 2018, 6:38 p.m.) Review request for sentry, Alexander Kolbasov, Brian Towles, kalyan kumar kalvagadda, Na Li, Steve Moist, Sergio Pena, Vadim Spector, and Xinran Tinney. Changes ------- Updated description Repository: sentry Description (updated) ------- Sentry clients use Configuration class defined in the hadoop-common code base to parse or read configuration files. Hadoop community had made improvements particularly to enhance security. The change introduces a new boolean attribute restrictParser. Setting restrictParser to true will Limit XML parsing to conform with feature "http://apache.org/xml/features/disallow-doctype-decl" This is a security feature explained here - https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet boolean restrictSystemProps is set to true Will prevent system properties from being read set XML inclusion (XInclude) to false prevent merging of xml documents This change is currently included in hadoop-version 2.7.5. There is a new implementation of addResources method to allow the setting of restrictParser boolean. Sentry is currently using hadoop-version 2.7.2. Bumping this version up and making appropriate changes will allow Sentry to take advantage of this feature Diffs ----- pom.xml 61e0f9700 sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/authz/HBaseIndexerAuthzBinding.java d919fe702 sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/conf/HBaseIndexerAuthzConf.java cfbd37bf1 sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 8d5286cd3 sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java 6ca621022 sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 0883e70fe sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/conf/SqoopAuthConf.java 7836871f6 sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryINodeAttributesProvider.java cf96df47b sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java 00b5cf608 sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/PermissionsMigrationToolCommon.java ed28b735c sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolIndexer.java c2341d322 sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 5649f43fa sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java 907e1462c sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java 729a51865 sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java bf5d85b03 sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/tools/CreateSentryTestScaleData.java b234c85c5 sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java 8b68d0d06 Diff: https://reviews.apache.org/r/66373/diff/2/ Testing ------- $ mvn -f sentry-binding/pom.xml test $ mvn -f sentry-provider/pom.xml test $ mvn -f sentry-hdfs/pom.xml test Thanks, Arjun Mishra